XSS in Beego

CVE-2021-39391

Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.008 (51.0th percentile).

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

  • Beego — versions 2.0.1

Frequently asked questions

What is CVE-2021-39391?
CVE-2021-39391 is a medium-severity vulnerability in Beego, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2021-09-14.
How severe is CVE-2021-39391?
Medium severity. CVSS v3 base score is 6.1 out of 10.
Is CVE-2021-39391 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.